
DNS Resolution - Not Working

Amin Shaikh

Hi,

My requirement is for a local DNS server on the LAN to resolve all internet resolution for LAN users.

On the ASA I have NATted a public IP to the DNS server IP, but it doesn't seem to work.

Any help?

ASA config is attached.

DNS Server on LAN : 192.168.100.5


Can you check these:

- Are you able to do a DNS lookup from the LAN DNS server itself? If yes, then did you configure this server as a DNS forwarder?

- Also, on the ASA, is inspect DNS still there?

From the LAN DNS server I cannot resolve internet hosts. I have a DNS forwarder configured on the LAN DNS server.

On the ASA I have tested with INSPECT DNS and without, but no luck...

Is the ASA configuration correct for my requirement?

Your firewall's inside IP address is 192.168.12.121, but the DNS server is 192.168.100.5. Is this on some other VLAN behind some other L3 device? If so, does the firewall have the route for reaching the network 192.168.100.X?

Also, you may try to remove the static NAT and do a hide NAT with the outside interface. Then try to access the internet from the local DNS server.

no static (inside,Outside) 57.25.175.92 192.168.100.5

global (Outside) 1 interface

nat (inside) 1 192.168.100.0 255.255.255.0

If it works, then the problem here may be with arp-proxy or an interface ACL on your internet router.

Try adding a static arp on your internet router for the public IP you are using for static NAT.
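
The routing question raised in this reply (whether the firewall can reach 192.168.100.X when its inside address is 192.168.12.121) can be checked offline against a saved config. This is an added example, not part of the original thread: the sample config is constructed, and the /24 inside mask, the interface block and the function names are assumptions.

```python
import ipaddress

# Constructed sample in the pre-8.3 ASA syntax the thread uses. The real config
# was an attachment; the /24 inside mask and the missing route are assumptions.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 nameif inside
 ip address 192.168.12.121 255.255.255.0
static (inside,Outside) 57.25.175.92 192.168.100.5
"""

def parse(config):
    """Collect (iface, network) reachability entries and static NAT rules."""
    reachable, statics, nameif = [], [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "interface":
            nameif = None                      # start of a new interface block
        elif tok[0] == "nameif" and len(tok) > 1:
            nameif = tok[1]
        elif (tok[:2] == ["ip", "address"] and nameif and len(tok) >= 4
              and tok[2][0].isdigit()):
            net = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
            reachable.append((nameif, net))    # directly connected subnet
        elif tok[0] == "route" and len(tok) >= 5:
            net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
            reachable.append((tok[1], net))    # subnet behind another L3 hop
        elif tok[0] == "static" and len(tok) >= 4 and tok[2] not in ("tcp", "udp"):
            real_if = tok[1].strip("()").split(",")[0]
            statics.append((real_if, tok[2], ipaddress.ip_address(tok[3])))
    return reachable, statics

def unrouted_statics(config):
    """Static NAT rules whose real host is not reachable via the real interface."""
    reachable, statics = parse(config)
    return [(mapped, str(real), iface)
            for iface, mapped, real in statics
            if not any(i == iface and real in net for i, net in reachable)]

if __name__ == "__main__":
    for mapped, real, iface in unrouted_statics(SAMPLE_CONFIG):
        print(f"static {mapped} -> {real}: no connected subnet or route on '{iface}'")
```

A default route on the outside interface does not satisfy the check, because the real address has to be reachable through the interface named first in the static rule.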

Hi,

Reachability is there.

I didn't understand adding a static ARP on the internet router. What do you mean?

Please explain.

That static ARP on the upstream router is to send packets destined to the PUBLIC address towards the firewall's outside interface's MAC address.

Please try loading google.com by its IP address in the browser.

ex:

http://64.233.169.104

If this works, then for one host on the inside change the DNS server's IP address to 4.2.2.2 and see if you get name resolution and are able to load the page by name and not IP address.

Let us know how that goes.

Thank You.

4.2.2.2 didn't help.

Reloading doesn't help either.

With name or IP it doesn't browse.

Is there any helpful internet link showing the steps required on Windows 2003 Server and the ASA to recheck the config?

Is the config done on the ASA (1st post) correct?
